My Cloud Os 5 Security Vulnerabilities and Issues — My Cloud Os 5 CVE List

Lucene search

WesterndigitalMy Cloud Os 5

8 matches found

CVE•added 2020/12/12 12:15 a.m.•80 views

CVE-2020-29563

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device.

9.8CVSS9.8AI score0.05623EPSS

CVE•added 2020/12/01 4:15 p.m.•54 views

CVE-2020-28970

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an authenticated ad...

9.8CVSS9.6AI score0.03621EPSS

CVE•added 2023/05/08 11:15 p.m.•37 views

CVE-2023-22813

A device APIendpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS policy...

4.3CVSS4.2AI score0.00139EPSS

CVE•added 2023/05/18 6:15 p.m.•35 views

CVE-2022-36328

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users and device configurations was discovered in Western Digital My Cloud Home, M...

5.8CVSS5.5AI score0.00072EPSS

CVE•added 2023/05/18 6:15 p.m.•34 views

CVE-2022-36327

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to write files to locations with certain critical filesystem types leading to remote code execution was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk i...

9.8CVSS8.3AI score0.00274EPSS

CVE•added 2020/12/01 4:15 p.m.•33 views

CVE-2020-28940

On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.

9.8CVSS9.8AI score0.03621EPSS

CVE•added 2020/12/01 4:15 p.m.•32 views

CVE-2020-28971

9.8CVSS9.7AI score0.03145EPSS

CVE•added 2023/05/18 6:15 p.m.•31 views

CVE-2022-36326

An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and...

4.9CVSS4.8AI score0.0011EPSS